Programmatic Direct Mail Should Be Top-of-Mind This Holiday Season Here’s Why


This Privacy Policy describes the types of Personal Information (“PI”) that PebblePost, Inc., (the “Company”, “we”, “us” or “our”) collects, the purposes for which we collect PI, the other parties with whom we may share PI, and the measures we take to protect the security of PI. It also tells you about your rights and choices with respect to your PI, and how you may contact us about our privacy practices.

Please note that this Privacy Policy describes the practices related to our web site, (“Site”) and to the Programmatic Direct Mail® (PDM®) services and products (“PDM Services”) we offer to our corporate clients (“Brand Partners”).

This Privacy Policy consists of the following sections:

  1. Definition of PI
  2. Information for Users of PebblePost’s Site
  3. Information Relating to PI Obtained When Brand Partners Use PDM Services
  4. How PI Is Secured
  5. Rights for Non-California Residents
  6. Rights for California Residents
  7. Notices

1. Definition of PI

“Personal Information” or “PI” means any information relating to an identified or identifiable individual or household, as defined under applicable law. Specific categories of PI we collect or receive are described in more detail below.

2. Information for Users of PebblePost’s Site

Categories of PI we collect from you when you use PebblePost’s Site: When you visit our Site, PebblePost collects certain PI, including your:

– Contact information (such as your name, email address and physical address)

– Online identifiers (such as cookies and mobile device IDs, and related browsing information)

The source of PI we collect:
We collect directly from you when you use our Site.

The business purpose for collecting your PI:
We use such information to contact you regarding our PDM Services, and to remember your preferences on our Site. We may use your PI to: (i) communicate with you about our products and services; (ii) provide certain information to access our blogs or to download certain information on the website; (iii) review your job application; (iv) provide you content, including but not limited to newsletters or blog posts; and (v) serve other purposes for which we provide specific notice at the time of collection, and as otherwise authorized or required by applicable law.

Categories and purposes of third parties with whom we may share PI:
These include but are not limited to: (i) responding to law enforcement requests and as required by applicable law, court order, or governmental regulations; (ii) investigating fraud or violations of law or of any party’s rights; (iii) to our service providers, such as hosting providers and email service providers; provided, however, such service providers are only authorized by us to use the PI in connection with their performance of services for us.

Site user responsibility: Users are responsible for ensuring the accuracy of PI that is submitted through the Site.


Cookies: We use cookies, pixels and other automated tracking technologies to collect information from the Site, such as browser type and operating system, the number of website users, and understanding how visitors use the Site. Some of our service providers may collect this type of information from you as well. If you want to stop or restrict the placement of cookies or delete any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at

By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Site or some of its functionality may be affected. Cookies and similar items are not used by us to automatically retrieve information that can individually identify you from your device without your knowledge.

Links to Other Websites: We may link to content contained on other websites. We are not responsible for the content of other websites and your use of those websites is subject to the privacy practices of those websites.

3. Information Relating To PI Obtained When Brand Partners Use PDM Services

Categories of PI that we collect about consumers when Brand Partners use PDM Services: We may collect names, email addresses, physical addresses, and online identifiers such as cookies and mobile device IDs, and related browsing information.

Source and Collection of PI: When Brand Partners use our PDM Services, we may receive PI from three sources:

1. Brand Partners provide PI to PebblePost and give their consumers full notice of such, and Brand Partners provide their consumers with the ability to opt out of the collection or sale of their PI in compliance with all applicable laws.

2.  PebblePost collects PI through PebblePost’s JavaScript tag (i.e., PebblePost’s programming language) when consumers visit Brand Partners’ sites. Brand Partners notify consumers of such collection and they provide consumers with the ability to opt out of the collection or sale of their PI in compliance with all applicable laws.

3.  PebblePost receives such information from service providers and maintains databases of such information. Service providers comply with all applicable laws in providing consumers notice and the ability to opt out of the collection or sale of PI. The provision of Services to Brands may include working with third party service providers to match online data with mailing addresses of Brand Partners’ consumers.

Business purpose for collecting and receiving consumer PI: PebblePost uses PI in order to provide the PDM Services to Brand Partners, including the mailing of direct mail marketing pieces to consumers’ mailing addresses on behalf of Brand Partners.

Categories and purposes for sharing consumers’ PI with third parties: These include but are not limited to: (i) providing PDM Services to Brand Partners to deliver direct mail pieces to consumer mailing address; (ii) investigation of suspected fraud or violations of law or of any party’s rights; and (iii) to our third-party service providers, such as hosting providers and email service providers, but only as they are authorized by us to use such information in connection with their performance of services for us.

4. How PI Is Secured

 We maintain appropriate, industry standard security safeguards to protect and secure user and Brand Partner consumers’ PI and retain it only for as long as there is a legitimate business need.

5. Rights For Non-California Residents

 For users of the PebblePost’s Site: If you have signed up to receive our marketing emails and prefer not to receive marketing information from this Site, follow the “unsubscribe” instructions provided on any marketing e-mail you receive from this Service.

For consumers of Brand Partners: You may exercise your right to opt out of receiving PDM Services from PebblePost here.

6. Rights For California Residents

If you are a California resident, you may exercise certain rights regarding your PI under the California Consumer Privacy Act (“CCPA”), including:

  • “Right to Delete”: You may request that we delete any PI we possess about you.
  • “Right to Know”: You may request the categories of PI collected about you, the categories of sources from which the PI is collected, the purpose for collecting and selling the PI, the categories of third parties which whom we share the PI and the specific pieces of PI collected about you.
  • “Do Not Sell”: Not applicable as PebblePost does not “sell” PI as that term is defined under the CCPA.

How to exercise your rights if you are a California Resident:

· Complete the form located here

· You may also mail in your request to us by completing all of the information indicated in the form (linked here) and mailing the form to:


Attn: Privacy Officer

400 Lafayette Street, 2nd Floor

New York, NY 10003

CCPA Notice to Consumers of Brand Partners: In the event PebblePost has received your PI from a Brand Partner, you may contact that Brand Partner directly and inquire about your PI or you may request deletion of your PI from PebblePost as set forth above by completing the form above. Note that PebblePost does not “sell” your PI so “Do Not Sell” requests should be made to Brand Partners directly.

Verification & Right to Authorized Agent: We will maintain procedures to verify that you are authorized to make the requests set forth above. You may also designate an authorized agent to make these requests by emailing us at or by completing the form indicated above. PebblePost requires verification that such agent has the authority to act on your behalf. 

7. Notices

Non-Discrimination: We do not discriminate against you for exercising any of your rights above.

Children: Our Site and Brand Services are not intended for children under 13 years of age. We do not knowingly collect individually identifiable information from children under 13. If you are under 13, do not use or provide any individually identifiable information on this Site. If we learn we have collected or received individually identifiable information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any individually identifiable information from or about a child under 13, please contact us at

GDPR: At PebblePost we understand your GDPR compliance obligations. PebblePost develops it products with our Brands’ privacy and security top of mind. For the General Data Protection Regulation (GDPR), we have a multi-tiered compliance strategy.

Data Protection and Cybersecurity

We know our brands take GDPR data protection and cybersecurity seriously. We are dedicated to delivering customer-centric, relevant and meaningful direct mail campaigns, in ways to help our Brands stay in line with GDPR.  What is our multi-tiered strategy?  

– We only mail to households leveraging U.S. addresses
– Below is our JavaScript flow to demonstrate another protective layer

Additional Compliance Layers

– PebblePost works with our Brands set up their Tag Managers on their site to exclude PebblePosts’ JS from being called when any known EU visitors visit the Brand site.

– PebblePost advises our Brands to remove any non-US customers from their customer files when passing such data to PebblePost.

– Leveraging our proprietary technology, we circle back and check again. If PebblePost identifies any Brand IP Address or other online identifier as being related to an EU user in a campaign, PebblePost permanently deletes all related data to that user from our system immediately.

Changes to this Privacy Policy:  We may change or revise our Privacy Policy from time to time. If we decide to change or revise our Privacy Policy, we will post the revised Privacy Policy here so that you will always know what information we gather, how we might use that information and whether we may disclose it to anyone. Your continued use of the Site indicates your agreement to the Privacy Policy as posted, unless your express consent is required by applicable laws.

Have more privacy questions or concerns?